Nowadays, many handheld, mobile and other computing devices, for example smartphones, personal digital assistants (PDAs) and handheld computers, use an input interface such as a touch-screen as the default input and output method for human/user interaction. This allows for efficient use of the physical real estate of the device, since the same physical area (e.g. the display screen) can be used both for input and output depending on the state of the software running on the device.
At the same time, handheld computing devices have become increasingly powerful, so that they now rival the capabilities of full-fledged personal computers. A consequence of this is that most modern devices no longer use older-style, limited and locked-down operating systems (OS), but instead use slightly reduced versions of full-blown operating systems, such as GNU/Linux or Berkeley Software Distribution (BSD) Unix, which are necessary to make full use of the computing power in these devices.
This progress has made it significantly more difficult for software programmers to establish a safe environment for entering secure data into the device, for example user passwords, personal identification numbers (PIN), bank account numbers, and social security numbers. In older-style, limited handheld devices, the more limited hardware and operating system made it possible to control the entire handheld device from a single application, and so an application for communicating with a bank could be reasonably sure that it was running alone on the device, and that no other application could intercept the data traffic. However, this is not the case with modern handheld computing devices, which offer a modern operating system that allows several applications to be running at the same time.
Additionally, the graphical user interface (GUI) is usually provided as a separate library outside of the operating system. This GUI library is typically quite large and complex, and is not always designed to prevent different applications from examining the graphical state of other applications. Even if it were designed to prevent applications from accessing each other's graphical state, there can be mistakes in the design or bugs that allow this to happen anyway. Larger, more complex operating systems also make it easier for potential mistakes in the application programming interfaces (APIs) or bugs to slip into the operating system. These mistakes can also make it easier for unauthorized or malicious applications, such as computer viruses, trojan software, and other malware, to monitor the input and output of other, authorized, applications.
Furthermore, since modern handheld computing devices offer the possibility of downloading and installing many different applications onto the device, for example through purchasing additional applications, this makes it easier for malicious intruders to acquire sensitive data or information from the device. The user simply has to be tricked into installing a malicious application. Such an application might otherwise perform a valid service. However, unbeknownst to the user, the malicious application can acquire sensitive data or information from the user, not by hacking the other applications or the OS/GUI, but simply by interacting with the graphical state available to it through the standard OS/GUI API. This form of threat has existed for some time on desktop computers as well; however, in those environments the problem can be somewhat mitigated by installed anti-virus software. Handheld computing devices are generally not yet powerful enough to run such anti-virus software regularly.
The problems are compounded in that many handheld computing devices use an input interface such as a touch-screen as the default input and output method. Since the only input that arrives from the touch-screen hardware is display coordinates, the operating system can no longer see the difference between drawing a point in a drawing program and entering a number as part of a PIN; it depends entirely on what image is drawn on the touch-screen. Thus the operating system can no longer assist in protecting input signals from the keyboard, because there is no physical keyboard. This risk could allow intruders to acquire sensitive data or information from users of computing devices with touch-screens by intercepting the signals from the touch-screen, either inside the OS, or by listening to the same signal stream from the GUI. These are the areas that embodiments of the invention are intended to address.